However, desktop virtualization also exposes new security challenges. Organisations often host multiple desktops with the same operating systems and the same set of applications on a single physical server. Without proper isolation, an attacker can install a rootkit and compromise multiple desktops. With limited system diversity, attackers might uncover a vulnerability, allowing them to quickly exploit thousands of desktops in one fell swoop.
We predict that in 2015, attackers will execute more brute force attacks and conduct new and creative attacks on virtual desktops. To protect VDI environments, organisations should implement operating system or application isolation-especially if virtual desktops are hosted in the cloud. Organisations should also control how data can be transferred to and from VDI environments, install anti-malware software, and monitor for intrusions.
Security Predictions for 2015 No.3 - The Internet of Things (IoT) Will Expose New Security Risks
More knowledge and convenience is not always a good thing. The Internet of Things (IoT) promises to make our lives easier, but without proper safeguards, it also opens us up to an array of new security threats. Even though IoT is still in its early stages, the number of devices connected to the Internet is growing, thereby increasing the potential for attacks at any time.
Three potential IoT risks include:
- Attackers using brute force or knowledge of default credentials to gain access to IoT devices or to the cloud infrastructure that stores IoT data.
- Malware infiltrating high-end IoT devices, such as SmartTVs, that have full Android operating systems and access to app stores.
- Malware infecting PCs and tablets that manage IoT devices, such as home security systems or cameras.
To reduce risks associated with IoT devices, consumers and businesses alike should investigate how the device is accessed and whether it stores sensitive data. They should avoid installing unknown software and, whenever possible, configure strong passwords on devices. Not convinced? A recent hack of more than 73,000 webcams underscores the importance of using strong passwords on IoT devices.
Security Predictions for 2015 No.4 - POS Systems Will Continue to Be under Fire, but Smart Cards Will Come to the Rescue
Retail breaches overshadowed virtually every other attack vector in late 2013 and 2014. A continuous parade of breach disclosures hit headlines and affected many of the world's most well-known retail brands. The culprit behind these breaches: malware infections on point-of-sale (POS) devices.
Using a variety of techniques, including brute force and compromising management or software update tools, hackers are able to install malware on POS systems. The malware scrapes credit card numbers and CVVs from system memory. The most advanced malware strains can actually capture data from inter-process communications, quickly zeroing in on payment card data.
Sign up for Computerworld eNewsletters.